Questions / Suggestions.

Discussion in 'LnS English Forum' started by bobby444, Jul 14, 2003.

Thread Status:
Not open for further replies.
  1. bobby444

    bobby444 Registered Member

    Joined:
    Jun 25, 2003
    Posts:
    10
    Hello all. Just trying out Look N Stop. All ports stealthed.

    Have a question about the application filtering.
    How do I deny an application server rights?
    Like in zone alarm.. it ask if the app can connect to the internet.. Then it also ask to allow it server access or not.
    ( Would be a nice feature to add to it. )

    Also.. If I were to allow an aplication to access the internet. Then later on go back to the application filtering and select it to Not connect to the internet.. it will still be allowed to connect. Unless I completely remove the app from the list and let it ask for access all over again.
    (Would be great to have extra settings for each app like:
    ( Allow Local | Allow Internet | Allow Server )
    yes | yes | no
    Instead of just allow or dont allow.

    Would also be great to have an easy Stop All Internet traffic button. lol! Im trying to make it like za! lol.. only without the resource drain. lol

    Let me know if it has those features I suggested.. for I could be over looking something....

    | win98se | 220ram

    (P.s - pressing the preview button.. post the message instead of previewing it for some reason.... ?
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    Hi bobby444,

    For the issue regarding the [Preview] button causing your message to post versus actually seeing just a preview of it, please see this thread:

    https://www.wilderssecurity.com/showthread.php?t=10340

    After reading that, feel free to add your experience to it. It is probably related to how active scripting is used with the Post and Preview buttons and a possible conflict or restriction.

    I'm sure others will be along soon to answer your LnS questions.

    Best Wishes,
    LowWaterMark
     
  3. bobby444

    bobby444 Registered Member

    Joined:
    Jun 25, 2003
    Posts:
    10
    Humm.. no replies yet? humm..

    Anyway. I suggested that one feature for security reasons.

    Say you downloaded an app that you thinks legit.. and it does need to connect to the net. Sure,, you click allow. BUT THEN this app you allowed to connect has also got a Hidden Server running thats built into it. and since look n stop dont ask you for server rights..but only to connect.. your computer is now a web server! ahh!!!

    So thats why I want to be asked to allow an app server rights or deny it,but yet still be asked to allow it to connect to the net. Thus it connects.. Thus the server part is denied. Thus your still good to go to use the app.
     
  4. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey bobby444

    This is a Rule-base Software Firewall unlike ZoneAlarm, if we Authorize Client Applications at an Application Filtering Layer it still require rule(s) to Determine whether or not the Packets are Allowed or Denied To the Internet and In From the Internet…

    Application Filtering >
    Internet Filtering >
    TCP Stateful Packet Inspection >

    There is also a Feature called “TCP – Block Incoming Connections” which many of today’s software Firewalls still didn’t implement into their Software Firewall products. Look ‘n’ Stop is one of little few that does have this Feature and when it’s in use All Remotely generated TCP Connections are Blocked stone-cold, unless you have a Rule in specific locations to Authorize an Inbound Traffic in some manner.
     
  5. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Yes, server connections can be allowed/blocked directly with the Internet Filtering.
    Since only one application only can listen to a TCP port at a time, you can use the "Application" button in the Internet Filtering rule if you want to activate a TCP server rule for a specific application.
    Typical case is the ident port for an Irc application.

    Frederic
     
  6. fryr

    fryr Registered Member

    Joined:
    Jul 15, 2003
    Posts:
    51
    It would be nice and more secure if the port rule was auto disabled when the application is closed.

    I.E. Set port 113 to be allowed for application Trilian Pro - Port Rule shows as disabled because app is not running. Load Trillian Pro and Port 113 rule is a shown as active and port is open. Close Trillian Pro and Port 113 rule is still shown as active and port is open.
     
  7. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    If you add "Trilian Pro" to the application list for the ident/113 rule in the Internet Filtering, this is exactly what should happen. The port will be open only when the application is started and when the application opens a connection.

    How do you test a port is open ?
    FYI: Only online scans are significant.

    Frederic
     
  8. fryr

    fryr Registered Member

    Joined:
    Jul 15, 2003
    Posts:
    51
    I assumed that because Trillian Pro enabled the rule when it launched then it would also disable the rule when it closed.

    For instance I only want port 113 opened for Trillian Pro and not for MIRC. If I launch Trillian Pro first and close it down it leaves the Port 113 rule active and when I launch MIRC the port is open. Is this the case ?
     
  9. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    No it is not the case, if you add only Trillian Pro in rule edition for the ident/113 rule, the rule will be enable when Trillian Pro connects to internet and disable when Trillian Pro disconnect from internet.

    Frederic.
     
  10. fryr

    fryr Registered Member

    Joined:
    Jul 15, 2003
    Posts:
    51
    Thanks Frederic

    I have tested this and it works as described the port remains open only whilst the application is loaded.

    Regards
    Richard
     
Thread Status:
Not open for further replies.